Summary Publication CVE ID Published Date Last Updated
Email-derived URL path injection in the Swoosh Microsoft Graph adapter
  • pkg:hex/swoosh
  • pkg:github/swoosh/swoosh
CVE-2026-54893 06 July 2026 07 July 2026
mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5
  • pkg:hex/mint
  • pkg:github/elixir-mint/mint
CVE-2026-56810 06 July 2026 07 July 2026
Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax
  • pkg:hex/hpax
  • pkg:github/elixir-mint/hpax
CVE-2026-58226 06 July 2026 06 July 2026
Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl
  • pkg:otp/ssl
  • pkg:github/erlang/otp
CVE-2026-54891 02 July 2026 03 July 2026
DTLS listener crash via race condition in dtls_packet_demux causes denial of service for all sessions
  • pkg:otp/ssl
  • pkg:github/erlang/otp
CVE-2026-55950 02 July 2026 03 July 2026
SSH SFTP server denial of service via extended channel data infinite loop
  • pkg:otp/ssh
  • pkg:github/erlang/otp
CVE-2026-54886 02 July 2026 03 July 2026
TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension
  • pkg:otp/ssl
  • pkg:github/erlang/otp
CVE-2026-55952 02 July 2026 03 July 2026
DTLS server cookie bypass during startup window due to empty initial cookie secret
  • pkg:otp/ssl
  • pkg:github/erlang/otp
CVE-2026-54887 02 July 2026 03 July 2026
SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root
  • pkg:otp/ssh
  • pkg:github/erlang/otp
CVE-2026-53422 02 July 2026 03 July 2026
Atom-table exhaustion denial-of-service via JSON parse_document in MDEx
  • pkg:hex/mdex
  • pkg:github/leandrocp/mdex
CVE-2026-53426 29 June 2026 30 June 2026
Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)
  • pkg:hex/mdex
  • pkg:github/leandrocp/mdex
CVE-2026-54889 29 June 2026 30 June 2026
Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex
  • pkg:hex/mdex
  • pkg:github/leandrocp/mdex
  • pkg:hex/mdex_native
  • pkg:github/leandrocp/mdex_native
CVE-2026-54888 29 June 2026 30 June 2026
Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service
  • pkg:hex/mdex
  • pkg:github/leandrocp/mdex
  • pkg:hex/mdex_native
  • pkg:github/leandrocp/mdex_native
CVE-2026-53429 29 June 2026 30 June 2026
Unbounded memory allocation in highlight_lines range expansion in mdex
  • pkg:hex/mdex
  • pkg:github/leandrocp/mdex
  • pkg:hex/mdex_native
  • pkg:github/leandrocp/mdex_native
CVE-2026-53428 29 June 2026 30 June 2026
Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute
  • pkg:hex/mdex
  • pkg:github/leandrocp/mdex
  • pkg:hex/mdex_native
  • pkg:github/leandrocp/mdex_native
CVE-2026-53427 29 June 2026 30 June 2026
Private action arguments can be set by user input in Ash
  • pkg:hex/ash
  • pkg:github/ash-project/ash
CVE-2026-55736 23 June 2026 23 June 2026
Plug: quadratic-time decoding of nested query/body parameters enables denial of service
  • pkg:hex/plug
  • pkg:github/elixir-plug/plug
CVE-2026-54892 23 June 2026 23 June 2026
Stored XSS via unescaped HTML attribute values in earmark
  • pkg:hex/earmark
  • pkg:github/pragdave/earmark
CVE-2026-48591 17 June 2026 18 June 2026
Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc
  • pkg:hex/grpc
  • pkg:github/elixir-grpc/grpc
CVE-2026-48853 15 June 2026 17 June 2026
grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1
  • pkg:hex/grpc
  • pkg:github/elixir-grpc/grpc
CVE-2026-53430 15 June 2026 17 June 2026
Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding
  • pkg:hex/grpc
  • pkg:github/elixir-grpc/grpc
CVE-2026-48599 15 June 2026 17 June 2026
Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc
  • pkg:hex/grpc
  • pkg:github/elixir-grpc/grpc
CVE-2026-48854 15 June 2026 17 June 2026
OAuth2/OIDC account takeover in AshAuthentication via email-based user matching
  • pkg:hex/ash_authentication
  • pkg:github/team-alembic/ash_authentication
CVE-2026-49757 15 June 2026 15 June 2026
Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin
  • pkg:hex/membrane_mp4_plugin
  • pkg:github/membraneframework/membrane_mp4_plugin
CVE-2026-53423 11 June 2026 12 June 2026
httpc leaks Authorization header to cross-origin redirect targets
  • pkg:otp/inets
  • pkg:github/erlang/otp
CVE-2026-48856 10 June 2026 11 June 2026
Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist
  • pkg:otp/ssl
  • pkg:github/erlang/otp
CVE-2026-48860 10 June 2026 11 June 2026
SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured
  • pkg:otp/ssh
  • pkg:github/erlang/otp
CVE-2026-48855 10 June 2026 11 June 2026
ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks
  • pkg:otp/inets
  • pkg:otp/ftp
  • pkg:github/erlang/otp
CVE-2026-48858 10 June 2026 11 June 2026
SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration
  • pkg:otp/ssh
  • pkg:github/erlang/otp
CVE-2026-48859 10 June 2026 11 June 2026
Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash
  • pkg:otp/erts
  • pkg:github/erlang/otp
CVE-2026-49759 10 June 2026 01 July 2026
Stack Buffer Overflow in ei_s_print_term at Very Large Integer
  • pkg:otp/erl_interface
  • pkg:github/erlang/otp
CVE-2026-49760 10 June 2026 11 June 2026
Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service
  • pkg:otp/elixir
  • pkg:github/elixir-lang/elixir
CVE-2026-49762 09 June 2026 10 June 2026
HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2
  • pkg:hex/cowlib
  • pkg:github/ninenines/cowlib
CVE-2026-43966 08 June 2026 09 June 2026
Decompression bomb DoS in Req via auto-decoded archive and compressed response bodies
  • pkg:hex/req
  • pkg:github/wojtekmach/req
CVE-2026-49755 08 June 2026 08 June 2026
Multipart form-data header injection in Req via unescaped name/filename/content_type
  • pkg:hex/req
  • pkg:github/wojtekmach/req
CVE-2026-49756 08 June 2026 08 June 2026
gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion
  • pkg:hex/gun
  • pkg:github/ninenines/gun
CVE-2026-43973 08 June 2026 08 June 2026
gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection
  • pkg:hex/gun
  • pkg:github/ninenines/gun
CVE-2026-43972 08 June 2026 08 June 2026
gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM
  • pkg:hex/gun
  • pkg:github/ninenines/gun
CVE-2026-43974 08 June 2026 08 June 2026
CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection
  • pkg:hex/tesla
  • pkg:github/elixir-tesla/tesla
CVE-2026-48596 02 June 2026 04 June 2026
Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression
  • pkg:hex/tesla
  • pkg:github/elixir-tesla/tesla
CVE-2026-48594 02 June 2026 04 June 2026
Authorization header leaks to third-party origin on cross-origin redirect in Tesla.Middleware.FollowRedirects
  • pkg:hex/tesla
  • pkg:github/elixir-tesla/tesla
CVE-2026-48595 02 June 2026 04 June 2026
Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint
  • pkg:hex/tesla
  • pkg:github/elixir-tesla/tesla
CVE-2026-48597 02 June 2026 04 June 2026
CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection
  • pkg:hex/tesla
  • pkg:github/elixir-tesla/tesla
CVE-2026-48598 02 June 2026 04 June 2026
HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing
  • pkg:hex/mint
  • pkg:github/elixir-mint/mint
CVE-2026-49753 02 June 2026 02 June 2026
HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation
  • pkg:hex/mint
  • pkg:github/elixir-mint/mint
CVE-2026-49754 02 June 2026 02 June 2026
Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency
  • pkg:hex/mint
  • pkg:github/elixir-mint/mint
CVE-2026-48862 02 June 2026 02 June 2026
CRLF injection in HTTP/1 request line via unvalidated method in Mint
  • pkg:hex/mint
  • pkg:github/elixir-mint/mint
CVE-2026-48861 02 June 2026 02 June 2026
Symlink Following in Hex Package Export Allows Embedding Files Outside Project Root
  • pkg:sid/gleam.run/gleam
  • pkg:github/gleam-lang/gleam
  • pkg:oci/gleam
CVE-2026-42795 02 June 2026 02 June 2026
Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and Write
  • pkg:sid/gleam.run/gleam
  • pkg:github/gleam-lang/gleam
  • pkg:oci/gleam
CVE-2026-32685 02 June 2026 02 June 2026
Path Traversal in build/packages/packages.toml Allows Arbitrary Directory Deletion
  • pkg:sid/gleam.run/gleam
  • pkg:github/gleam-lang/gleam
  • pkg:oci/gleam
CVE-2026-43965 02 June 2026 02 June 2026
ex_aws_sns SigningCertURL not validated in verify_message/1
  • pkg:hex/ex_aws_sns
  • pkg:github/ex-aws/ex_aws_sns
CVE-2026-47074 28 May 2026 29 May 2026
nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
  • pkg:otp/public_key
  • pkg:github/erlang/otp
CVE-2026-42790 27 May 2026 01 July 2026
OCSP responder certificate validity period not checked in public_key
  • pkg:otp/public_key
  • pkg:github/erlang/otp
CVE-2026-42791 27 May 2026 27 May 2026
Non-CA certificate accepted as intermediate issuer in public_key path validation
  • pkg:otp/public_key
  • pkg:github/erlang/otp
CVE-2026-42789 27 May 2026 01 July 2026
Missing authorization check on save-job event handler in oban_web
  • pkg:hex/oban_web
  • pkg:github/oban-bg/oban_web
CVE-2026-48592 26 May 2026 27 May 2026
Unbounded range expansion in cron describe causes memory exhaustion in oban_web
  • pkg:hex/oban_web
  • pkg:github/oban-bg/oban_web
CVE-2026-48593 26 May 2026 27 May 2026
Unbounded memory consumption in WebSocket client in hackney
  • pkg:hex/hackney
  • pkg:github/benoitc/hackney
CVE-2026-47073 25 May 2026 27 May 2026
Atom table exhaustion via unrecognized URL schemes in hackney
  • pkg:hex/hackney
  • pkg:github/benoitc/hackney
CVE-2026-47067 25 May 2026 27 May 2026
CRLF injection in WebSocket upgrade request in hackney
  • pkg:hex/hackney
  • pkg:github/benoitc/hackney
CVE-2026-47072 25 May 2026 27 May 2026
SSRF allowlist bypass via percent-encoded host in hackney
  • pkg:hex/hackney
  • pkg:github/benoitc/hackney
CVE-2026-47076 25 May 2026 27 May 2026
HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney
  • pkg:hex/hackney
  • pkg:github/benoitc/hackney
CVE-2026-47070 25 May 2026 27 May 2026
CR/LF injection in query parameter in hackney
  • pkg:hex/hackney
  • pkg:github/benoitc/hackney
CVE-2026-47075 25 May 2026 27 May 2026
Unbounded body accumulation in HTTP/3 response loop in hackney
  • pkg:hex/hackney
  • pkg:github/benoitc/hackney
CVE-2026-47077 25 May 2026 27 May 2026
SOCKS5 TLS upgrade ignores caller timeout in hackney
  • pkg:hex/hackney
  • pkg:github/benoitc/hackney
CVE-2026-47071 25 May 2026 27 May 2026
Infinite loop in Alt-Svc header parser in hackney
  • pkg:hex/hackney
  • pkg:github/benoitc/hackney
CVE-2026-47066 25 May 2026 27 May 2026
CRLF injection in cookie domain/path options in hackney
  • pkg:hex/hackney
  • pkg:github/benoitc/hackney
CVE-2026-47069 25 May 2026 27 May 2026
Cross-session PubSub topic injection via URL parameter in phoenix_storybook
  • pkg:hex/phoenix_storybook
  • pkg:github/phenixdigital/phoenix_storybook
CVE-2026-47068 20 May 2026 27 May 2026
Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
  • pkg:hex/phoenix_storybook
  • pkg:github/phenixdigital/phoenix_storybook
CVE-2026-8467 20 May 2026 27 May 2026
Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook
  • pkg:hex/phoenix_storybook
  • pkg:github/phenixdigital/phoenix_storybook
CVE-2026-8469 20 May 2026 27 May 2026
Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
  • pkg:hex/plug
  • pkg:github/elixir-plug/plug
CVE-2026-8468 14 May 2026 27 May 2026
Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
  • pkg:hex/cowlib
  • pkg:github/ninenines/cowlib
CVE-2026-43970 13 May 2026 15 May 2026
Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
  • pkg:hex/cowboy
  • pkg:github/ninenines/cowboy
CVE-2026-8466 13 May 2026 14 May 2026
HTTP/1 chunked decoder infinite loop on requests with trailer fields in bandit
  • pkg:hex/bandit
  • pkg:github/mtrudel/bandit
CVE-2026-39806 13 May 2026 27 May 2026
HTTP/1 chunked body reader ignores length cap in bandit
  • pkg:hex/bandit
  • pkg:github/mtrudel/bandit
CVE-2026-39803 13 May 2026 27 May 2026
SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3
  • pkg:hex/postgrex
  • pkg:github/elixir-ecto/postgrex
CVE-2026-32687 12 May 2026 26 May 2026
CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
  • pkg:hex/cowlib
  • pkg:github/ninenines/cowlib
CVE-2026-43968 11 May 2026 12 May 2026
Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
  • pkg:hex/cowlib
  • pkg:github/ninenines/cowlib
CVE-2026-7790 11 May 2026 26 May 2026
Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
  • pkg:hex/cowlib
  • pkg:github/ninenines/cowlib
CVE-2026-43969 11 May 2026 12 May 2026
Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe
  • pkg:hex/absinthe
  • pkg:github/absinthe-graphql/absinthe
CVE-2026-42793 08 May 2026 09 May 2026
Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug
  • pkg:hex/absinthe_plug
  • pkg:github/absinthe-graphql/absinthe_plug
CVE-2026-42794 08 May 2026 16 May 2026
Quadratic fragment-name uniqueness check causes denial of service in absinthe
  • pkg:hex/absinthe
  • pkg:github/absinthe-graphql/absinthe
CVE-2026-43967 08 May 2026 09 May 2026
Unbounded exponent in decimal enables unauthenticated DoS
  • pkg:hex/decimal
  • pkg:github/ericmj/decimal
CVE-2026-32686 07 May 2026 27 May 2026
Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix
  • pkg:hex/phoenix
  • pkg:github/phoenixframework/phoenix
CVE-2026-32689 05 May 2026 07 May 2026
CL.CL HTTP request smuggling via duplicate Content-Length in bandit
  • pkg:hex/bandit
  • pkg:github/mtrudel/bandit
CVE-2026-39805 01 May 2026 27 May 2026
WebSocket permessage-deflate inflate has no output-size cap in bandit
  • pkg:hex/bandit
  • pkg:github/mtrudel/bandit
CVE-2026-39804 01 May 2026 27 May 2026
Client-supplied URI scheme trusted without transport verification in bandit
  • pkg:hex/bandit
  • pkg:github/mtrudel/bandit
CVE-2026-39807 01 May 2026 27 May 2026
WebSocket fragmented message reassembly unbounded in bandit
  • pkg:hex/bandit
  • pkg:github/mtrudel/bandit
CVE-2026-42786 01 May 2026 27 May 2026
HTTP/2 frame size limit checked after body is buffered in bandit
  • pkg:hex/bandit
  • pkg:github/mtrudel/bandit
CVE-2026-42788 01 May 2026 27 May 2026
Lockfile checksums not verified in Hex allows dependency integrity bypass
  • pkg:otp/hex
  • pkg:github/hexpm/hex
CVE-2026-32148 30 April 2026 01 May 2026
Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy
  • pkg:hex/plug_cowboy
  • pkg:github/elixir-plug/plug_cowboy
CVE-2026-32688 27 April 2026 29 April 2026
SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT
  • pkg:otp/ssh
  • pkg:github/erlang/otp
CVE-2026-32147 21 April 2026 10 June 2026
Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification
  • pkg:sid/gleam.run/gleam
  • pkg:github/gleam-lang/gleam
  • pkg:oci/gleam
CVE-2026-32146 11 April 2026 01 July 2026
ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
  • pkg:otp/inets
  • pkg:github/erlang/otp
CVE-2026-28808 07 April 2026 01 July 2026
OCSP designated-responder authorization bypass via missing signature verification
  • pkg:otp/public_key
  • pkg:otp/ssl
  • pkg:github/erlang/otp
CVE-2026-32144 07 April 2026 01 July 2026
Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver
  • pkg:otp/kernel
  • pkg:github/erlang/otp
CVE-2026-28810 07 April 2026 27 May 2026
Multipart form body parser bypasses body size limits in wisp
  • pkg:hex/wisp
  • pkg:github/gleam-wisp/wisp
CVE-2026-32145 02 April 2026 07 April 2026
XXE in esaml SAML library allows local file read and potential SSRF
  • pkg:hex/esaml
  • pkg:github/arekinath/esaml
  • pkg:github/handnot2/esaml
  • pkg:github/dropbox/esaml
  • pkg:github/Jump-App/esaml
CVE-2026-28809 23 March 2026 27 May 2026
Denial of Service via Oversized Package Upload
  • pkg:github/hexpm/hexpm
  • hexpm / hex.pm
CVE-2026-23940 13 March 2026 06 April 2026
Request smuggling via first-wins Content-Length parsing in inets httpd
  • pkg:otp/inets
  • pkg:github/erlang/otp
CVE-2026-23941 13 March 2026 27 May 2026
Pre-auth SSH DoS via unbounded zlib inflate
  • pkg:otp/ssh
  • pkg:github/erlang/otp
CVE-2026-23943 13 March 2026 10 June 2026
SFTP root escape via component-agnostic prefix check in ssh_sftpd
  • pkg:otp/ssh
  • pkg:github/erlang/otp
CVE-2026-23942 13 March 2026 27 May 2026
Path Traversal in wisp.serve_static allows arbitrary file read
  • pkg:hex/wisp
  • pkg:github/gleam-wisp/wisp
CVE-2026-28807 10 March 2026 06 April 2026
Improper authorization in device bulk actions and device update API allows cross-organization device control
  • pkg:otp/nerves_hub
  • pkg:oci/nerves-hub
  • pkg:github/nerves-hub/nerves_hub_web
CVE-2026-28806 10 March 2026 27 May 2026
Password Reset Tokens Do Not Expire
  • pkg:github/hexpm/hexpm
  • hexpm / hex.pm
CVE-2026-21622 05 March 2026 21 April 2026
Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access
  • pkg:github/hexpm/hexpm
  • hexpm / hex.pm
CVE-2026-21621 05 March 2026 06 April 2026
Unsafe Deserialization of Erlang Terms in hex_core
  • pkg:github/hexpm/hex_core
  • pkg:hex/hex_core
  • pkg:github/hexpm/hex
  • pkg:otp/hex
  • pkg:github/erlang/rebar3
  • pkg:otp/rebar3
CVE-2026-21619 27 February 2026 27 May 2026
Path Traversal in Local File Store Backend
  • pkg:github/hexpm/hexpm
CVE-2026-23939 26 February 2026 07 April 2026
TFTP Path Traversal
  • pkg:github/erlang/otp
  • pkg:otp/inets
  • pkg:otp/tftp
CVE-2026-21620 20 February 2026 27 May 2026
Cross-site scripting (XSS) in OAuth Device Authorization screen
  • pkg:github/hexpm/hexpm
  • hexpm / hex.pm
CVE-2026-21618 19 January 2026 06 April 2026
Authorization bypass when bypass policy condition evaluates to true
  • pkg:hex/ash
  • pkg:github/ash-project/ash
CVE-2025-48044 17 October 2025 27 May 2026
Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
  • pkg:hex/ash
  • pkg:github/ash-project/ash
CVE-2025-48043 10 October 2025 27 May 2026
SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles
  • pkg:otp/ssh
  • pkg:github/erlang/otp
CVE-2025-48041 11 September 2025 05 June 2026
Malicious Key Exchange Messages may Lead to Excessive Resource Consumption
  • pkg:otp/ssh
  • pkg:github/erlang/otp
CVE-2025-48040 11 September 2025 05 June 2026
Unverified Paths can Cause Excessive Use of System Resources
  • pkg:otp/ssh
  • pkg:github/erlang/otp
CVE-2025-48039 11 September 2025 05 June 2026
Unverified File Handles can Cause Excessive Use of System Resources
  • pkg:otp/ssh
  • pkg:github/erlang/otp
CVE-2025-48038 11 September 2025 05 June 2026
Before action hooks may execute in certain scenarios despite a request being forbidden
  • pkg:hex/ash
  • pkg:github/ash-project/ash
CVE-2025-48042 07 September 2025 27 May 2026
Missing Session Revocation on Logout in ash_authentication_phoenix
  • pkg:hex/ash_authentication_phoenix
  • pkg:github/team-alembic/ash_authentication_phoenix
CVE-2025-4754 17 June 2025 27 May 2026
Absolute path traversal in zip:unzip/1,2
  • pkg:otp/stdlib
  • pkg:github/erlang/otp
CVE-2025-4748 16 June 2025 27 May 2026

CVE’s can also be requested as a JSON: GET /cves/index.json

OSV records can also be requested as a JSON: GET /osv/all.json

Subscribe via feed: Atom · RSS